Congress introduces legislation to establish security standards for government devices

Based on analyst firm Gartner’s research, 20.4 billion Internet of Things (IoT) devices will be deployed by 2020; that’s more than double the world’s population! Hackers tend to gravitate toward the weakest link in the security chain, and because more and more IoT devices have questionable defenses, they make easy targets. This has caused the U.S. government to take notice.

To date, there is no national standard for IoT security, leaving it up to each company to decide how they want to secure their connected devices. So, on Monday, March 11th, members of the U.S. Senate and House of Representatives introduced the Internet of Things Cybersecurity Improvement Act. If passed, this legislation would set minimum security standards for connected devices used by the government in an effort to prevent the federal government from purchasing hacker-friendly devices.

While the legislation won’t set security standards for all IoT companies (just the ones wanting to win federal contracts), it could provide a baseline of best practices for all connected device manufacturers to consider.

Should the bill pass, here’s what would happen:

Security standards from the National Institute of Standards and Technology (NIST), such as secure development, identity management, patching and configuration management, would be required;

NIST would review every five years;

All IoT vendors selling to the U.S. government would have a vulnerability disclosure policy, allowing government officials to learn when the devices are open to cyberattacks.

Do you think this legislation would compel all connected device makers to adopt these security requirements or just the ones wanting to do business with the government?